
Workstation Login for Windows

Overview

If your organization is using Active Directory to manage its users, you have the option of enabling BlockID Workstation Login.

Once configured, BlockID Workstation Login allows users to log in to their Windows workstation using BlockID passwordless authentication, including when you are offline.

         Authentication Scheme                        Supported Capability              BlockID
ONLINE   User ID & Password                           Traditional login
ONLINE   User ID & Password + BlockID TOTP            MFA
ONLINE   User ID & Password + hardware TOTP           MFA
ONLINE   User ID + BlockID TOTP                       Passwordless & MFA
ONLINE   User ID + hardware TOTP                      Passwordless & MFA
ONLINE   QR Code or Push Notification                 Passwordless
ONLINE   FIDO Login + Device Biometrics + DID Linked  Identity-based Authentication
OFFLINE  User ID & Password + Workstation OTP         MFA for Offline use
OFFLINE  User ID + Workstation OTP                    Passwordless MFA for Offline use

Prerequisites

There are a few prerequisites that need to be met before Workstation Login can be enabled:

  • Active Directory
  • NDES Configuration for BlockID
  • SCEP configuration enabled and setup for AD Broker in AdminX
  • BlockID Mobile Application installed and linked to your account
  • SCardSvr (Smart Card) Service should be enabled on workstations

Logging In Using BlockID

Online Login via QR Code

After setting up your network for Workstation Login as detailed in the above prerequisites, you are ready to log in using BlockID.

Using this method, you can log into your Windows workstation by scanning a QR code:

  • Click on the QR Login tile on the login screen of the workstation.
  • Using your mobile device, open the BlockID mobile application and scan the displayed QR code.
  • Click the green checkmark on the BlockID mobile application to authenticate your sign-in request.

Once the authentication request is approved on the mobile application by clicking the green check mark, you will be logged in.

Online Login via Push Notification

Once the workstation is locked, users will see a tile labeled with their BlockID username. If multiple users are in session, users will see multiple tiles on the login screen.

  • Click on your BlockID user from the available tiles.
  • Next, you should receive a push request from the BlockID mobile application on your phone. Open it, and authenticate the login request by clicking the green check mark.

Once the login request has been authenticated, the login process is complete, and you will be immediately logged in to your workstation.

Online Login via Username, Password, and OTP

Users can choose to log in via a username and password, along with the time-based one-time passcode (OTP) displayed on the BlockID mobile application:

  • Select Login with OTP on your workstation.

  • Enter your username and password.

  • Next, open your BlockID mobile app and swipe left to display your six-digit OTP. Enter this OTP on your workstation below your username and password, as shown below, to finish logging in to your account.

Note: Your OTP code expires and refreshes every 30 seconds. Enter it promptly so that it does not expire while you are attempting to log on.

Online Login via Username, Password, and Hardware OTP

Users can enable hardware OTP support in the BlockID Configuration application. If your organization uses a hardware device such as a OneSpan to generate OTP codes, you should enable this feature in the BlockID Configuration software:

  • Launch the BlockID Configuration App on your Windows workstation.
  • Click the Advanced tab, and check Use Hardware OTP.
  • Click Save & Close to save the changes.

Once enabled, this feature will be available on any future sign-ins.

  • On your workstation, select Login with OTP.

  • Enter your username and password.

  • Enter the six-digit OTP that is displayed on your hardware device. Enter this OTP on your workstation below your username and password as shown to finish logging in to your account.

Offline Login via Workstation OTP

The BlockID credential provider installed on the Windows workstation can automatically detect if your workstation is offline and prompt for an Offline OTP. Offline OTP codes are available on the BlockID mobile app and rotate every 30 seconds. Entering the Offline code will unlock the workstation.

When Offline Login is enabled, you can authenticate to your workstation even when not connected to the internet. The workstation will detect when you are offline and present the option to log in with an offline OTP from the workstation login screen.

  • When you are offline, select Login with OTP and enter your BlockID username.

  • On your phone, open the BlockID Mobile App and click the three-bar hamburger menu to access the Menu.

  • From the menu, select Offline Login.
  • Enter the six-digit OTP code from your phone on your workstation and click the arrow to complete the login.

Once the OTP code has been accepted, you will be immediately logged into your workstation.

Disabling Offline Login

Offline Login is enabled by default. If you wish to disable offline login, follow these steps:

  • Launch the BlockID Configuration App on your Windows workstation.
  • Click the Advanced tab, and uncheck Enable Offline OTP.
  • Click Save & Close to save the changes.